export {
    redef enum Log::ID += { LOG };
    type Session: record {
        sip: addr;
        spt: port;
        dip: addr;
        dpt: port;
        start_time: time;
        end_time: time;
        protocol: set[string];
        protocol_cnt:count;
        ip_protocol:set[transport_proto];
        uri:set[string];
        uri_cnt:count;
        content_type_request:set[string];
        content_type_request_cnt:count;

        content_type_response:set[string];
        content_type_response_cnt:count;
        duration:interval;

        server_version:set[string];
        server_version_cnt:count;
        client_version:set[string];
        client_version_cnt:count;
        http_host:string;
        http_statuscode:set[count];
        http_response_server:set[string];
        dns_query:string;
        dns_query_type:set[count];
        dns_query_type_cnt:count;
        dns_query_class:set[count];
        dns_query_class_cnt:count;
        dns_status:set[string];
        dns_status_cnt:count;
        tcpflag_syn:count;
        tcpflag_fin:count;
        tcpflag_rst:count;
        tcpflag_ack:count;
        tcpflag_push:count;
        tcpflag_urgent:count;
        tcpflags_syn_ack:count;
        method_get_cnt:count;
        method_post_cnt:count;
        request_header:set[string];
        response_header:set[string];

        alpn:set[string];
        alpn_cnt:count;
        dns_asn:set[count];
        dns_geo:set[string];
        dns_rir:set[string];

        dns_ip_cnt:count;
        dns_ip:set[addr];

        dns_host:set[string];

        request_header_cnt:count;
        response_header_cnt:count;

        client_bytes:count;
        pkts_req:count;
        num_bytes_ip_req:count;

        server_bytes:count;
        pkts_res:count;
        num_bytes_ip_res:count;


        network_pkts:count;

        tls_version:set[count];
        tls_version_cnt:count;
        http_path:set[string];
        http_path_cnt:count;
        method:set[string];
        method_cnt:count;
        tls_src_session_id:set[string];
        tls_dst_session_id:set[string];
        tls_cipher:set[string];
        tls_cipher_cnt:count;
        dns_op_code:set[count];
        dns_op_code_cnt:count;



        #all columns
        src_user_agent:set[string];
        src_user_agent_cnt:count;
        src_referer:string;
        src_host:string;
        src_connection:string;
        src_content_type:string;
        src_x_forwarded_for:set[string];
        src_x_forwarded_for_cnt:count;
        src_accept:string;
        src_accept_encoding:string;
        src_accept_language:string;
        src_cookie:string;
        src_origin:string;
        src_n:string;
        src_x_requested_with:string;
        src_sec_fetch_mode:string;
        src_sec_fetch_site:string;
        src_sec_fetch_dest:string;
        src_content_encoding:string;
        src_sec_ch_ua:string;
        src_sec_ch_ua_mobile:string;
        src_sec_ch_ua_platform:string;
        src_cache_control:string;
        src_pragma:string;
        src_x_real_ip:string;
        src_soapaction:string;
        src_x_forwarded_proto:string;
        src_x_forwarded_host:string;
        src_x_request_id:string;
        src_x_forwarded_port:string;
        src_x_forwarded_scheme:string;
        src_x_original_forwarded_for:string;
        src_authorization:string;
        src_trace_id:string;
        src_distinct_id:string;
        src_url_path:string;
        src_if_modified_since:string;
        src_ecid_context:string;
        src_token:string;
        src_access_control_request_method:string;
        src_access_token:string;
        src_access_control_request_headers:string;
        src_sec_fetch_user:string;
        src_accept_charset:string;
        src_usercode:string;
        src_logincode:string;
        src_range:string;
        src_requestsource:string;
        src_if_range:string;
        src_if_none_match:string;
        src_sw8:string;
        src_x_sign:string;
        src_x_timestamp:string;
        src_charset:string;
        src_sec_websocket_key:string;
        src_sec_websocket_extensions:string;
        src_xms_auth_token:string;
        src_x_prototype_version:string;
        src_systemcode:string;
        src_client_version:string;
        src_requestid:string;
        src_x_mule_encoding:string;
        src_x_mule_session:string;
        src_x_mule_root_message_id:string;
        src_priority:string;
        src_server:string;
        src_transfer_encoding:string;
        src_xxl_job_access_token:string;
        src_te:string;
        src_access_control_allow_origin:string;
        src_eset_spread_control:string;
        src_x_splunk_digest:string;
        src_x_splunk_lm_nonce:string;
        src_x_splunk_lm_signature:string;
        src_set_cookie:string;
        src_x_oracle_dms_ecid:string;
        src_client:string;
        src_post:string;
        src_ucosessionid:string;
        src_user:string;
        src_winuser:string;
        src_digest:string;
        src_access_control_allow_methods:string;
        src_keep_alive:string;
        src_postman_token:string;
        src_x_xss_protection:string;
        src_vary:string;
        src_access_control_allow_headers:string;
        src_signdata:string;
        src_yssip:string;
        src_location:string;
        src_content_language:string;
        src_x_forwarded_prefix:string;
        src_x_ua_compatible:string;
        src_x_bd_traceid:string;
        src_proxy_connection:string;
        src_via:string;
        src_area:string;
        src_check:string;
        src_clientname:string;
        src_networktype:string;
        src_nonce:string;
        src_osversion:string;
        src_screen:string;
        src_userid:string;
        src_x_frame_options:string;
        src_kbn_version:string;
        src_access_control_expose_headers:string;
        src_from:string;
        src_allow:string;
        src_etag:string;
        src_x_csrftoken:string;
        src_preip:string;
        src_preivkapp:string;
        src_preivkhost:string;
        src_tlogspanid:string;
        src_x_playback_session_id:string;
        src_imgids:string;
        src_am_traceid:string;
        src_xms_backend_server:string;
        src_sssessionid:string;
        src_client_requesttoken:string;
        src_strict_transport_security:string;
        src_referrer_policy:string;
        src_x_amz_request_id:string;
        src_x_miorigin:string;
        src_bussno:string;
        src_imgfilepath:string;
        src_imgid:string;
        src_x_powered_by:string;
        src_x_csrf_token:string;
        src_busscode:string;
        src_prod_sw8:string;
        src_client_ip:string;
        src_content_transfer_encoding:string;
        src_remote_addr:string;
        src_traceid:string;
        src_cf_ray:string;
        src_content_disposition:string;
        src_content_range:string;
        src_content_security_policy:string;
        src_jenkins_crumb:string;
        src_p3p:string;
        src_tc_anp:string;
        src_tc_entsig:string;
        src_tc_spanid:string;
        src_tc_traceid:string;
        src_www_authenticate:string;
        src_x_cache_status:string;
        src_x_clickhouse_query_id:string;
        dst_n:string;
        dst_content_type:string;
        dst_transfer_encoding:string;
        dst_connection:string;
        dst_set_cookie:string;
        dst_x_oracle_dms_ecid:string;
        dst_content_language:string;
        dst_cache_control:string;
        dst_server:string;
        dst_pragma:string;
        dst_access_control_allow_origin:string;
        dst_keep_alive:string;
        dst_vary:string;
        dst_access_control_allow_methods:string;
        dst_access_control_allow_headers:string;
        dst_etag:string;
        dst_content_encoding:string;
        dst_access_control_expose_headers:string;
        dst_x_xss_protection:string;
        dst_access_control_request_headers:string;
        dst_x_frame_options:string;
        dst_location:string;
        dst_x_powered_by:string;
        dst_p3p:string;
        dst_x_ua_compatible:string;
        dst_x_mule_encoding:string;
        dst_x_mule_session:string;
        dst_x_amz_request_id:string;
        dst_content_disposition:string;
        dst_content_range:string;
        dst_allow:string;
        dst_xms_backend_server:string;
        dst_x_clickhouse_query_id:string;
        dst_referrer_policy:string;
        dst_content_security_policy:string;
        dst_content_id:string;
        dst_sec_websocket_accept:string;
        dst_sec_websocket_extensions:string;
        dst_via:string;
        dst_x_cache:string;
        dst_x_amz_cf_id:string;
        dst_x_amz_cf_pop:string;
        dst_x_request_id:string;
        dst_www_authenticate:string;
        dst_strict_transport_security:string;
        dst_x_splunk_digest:string;
        dst_x_splunk_lm_nonce:string;
        dst_content_transfer_encoding:string;
        dst_x_arequestid:string;
        dst_x_ausername:string;
        dst_x_asessionid:string;
        dst_accept_charset:string;
        dst_kbn_license_sig:string;
        dst_kbn_name:string;
        dst_audit_id:string;
        dst_cf_ray:string;
        dst_x_cache_status:string;
        dst_ctl_cache_status:string;
        dst_request_id:string;
        dst_x_csrf_token:string;
        dst_hostname:string;
        dst_browseruid:string;
        dst_page_title:string;
        dst_x_ws_request_id:string;
        dst_gsid:string;
        dst_link:string;
        dst_x_reqid:string;
        dst_login:string;
        dst_x_nws_log_uuid:string;
        dst_x_instance_identity:string;
        dst_x_jenkins:string;
        dst_x_jenkins_session:string;
        src_content_length:string;
        src_upgrade_insecure_requests:string;
        src_checktime:string;
        src_x_splunk_lm_timestamp:string;
        src_expires:string;
        src_nx_anti_csrf_token:string;
        src_st:string;
        src_timestamp:string;
        src_access_control_max_age:string;
        src_tlogtraceid:string;
        src_vivo_browser_text_zoom:string;
        src_contents_client_adapter_id:string;
        src_client_requestts:string;
        src_bdpparallelload:string;
        src_comcode:string;
        src_createuser:string;
        src_x_envoy_upstream_service_time:string;
        src_age:string;
        src_x_cid:string;
        dst_content_length:string;
        dst_expires:string;
        dst_access_control_max_age:string;
        dst_tlogtraceid:string;
        dst_rgwx_embedded_metadata_len:string;
        dst_rgwx_mtime:string;
        dst_rgwx_obj_pg_ver:string;
        dst_rgwx_object_size:string;
        dst_x_envoy_upstream_service_time:string;
        dst_age:string;
        dst_x_splunk_lm_timestamp:string;
        dst_x_runtime:string;
        dst_x_w_no:string;
        dst_x_cid:string;
        dst_sc:string;
        dst_x_response_timestrap:string;
    } &log;




    const base_errors = {
		[0] = "NOERROR",        # No Error
		[1] = "FORMERR",        # Format Error
		[2] = "SERVFAIL",       # Server Failure
		[3] = "NXDOMAIN",       # Non-Existent Domain
		[4] = "NOTIMP",         # Not Implemented
		[5] = "REFUSED",        # Query Refused
		[6] = "YXDOMAIN",       # Name Exists when it should not
		[7] = "YXRRSET",        # RR Set Exists when it should not
		[8] = "NXRRSet",        # RR Set that should exist does not
		[9] = "NOTAUTH",        # Server Not Authoritative for zone
		[10] = "NOTZONE",       # Name not contained in zone
		[11] = "unassigned-11", # available for assignment
		[12] = "unassigned-12", # available for assignment
		[13] = "unassigned-13", # available for assignment
		[14] = "unassigned-14", # available for assignment
		[15] = "unassigned-15", # available for assignment
		[16] = "BADVERS",       # for EDNS, collision w/ TSIG
		[17] = "BADKEY",        # Key not recognized
		[18] = "BADTIME",       # Signature out of time window
		[19] = "BADMODE",       # Bad TKEY Mode
		[20] = "BADNAME",       # Duplicate key name
		[21] = "BADALG",        # Algorithm not supported
		[22] = "BADTRUNC",      # draft-ietf-dnsext-tsig-sha-05.txt
		[23] = "BADCOOKIE",     # Bad EDNS cookie value
		[3842] = "BADSIG",      # 16 <= number collision with EDNS(16);
		                        # this is a translation from TSIG(16)
	} &default = function(n: count): string { return fmt("rcode-%d", n); };


}